first commit

backend/app/schemas/auth.py

@@ -0,0 +1,40 @@
+from __future__ import annotations
+
+from typing import Any
+
+from app.schemas.common import ApiModel
+
+
+class PermissionContextRead(ApiModel):
+    is_admin: bool = False
+    can_manage_sites: bool = False
+    can_manage_experiments: bool = False
+    can_manage_variants: bool = False
+    can_manage_releases: bool = False
+    can_manage_goals: bool = False
+    can_manage_sdk_configs: bool = False
+    can_use_editor: bool = False
+    can_read_runtime: bool = False
+    raw_permissions: list[str] = []
+
+
+class AuthenticatedUser(ApiModel):
+    """Normalized current-user payload used by FastAPI.
+
+    We keep the shape close to current frontend needs so migration can happen
+    incrementally without losing role/group context.
+    """
+
+    id: str
+    email: str | None = None
+    first_name: str | None = None
+    status: str | None = None
+    fb_token: str | None = None
+    role: dict[str, Any] | None = None
+    user_group: dict[str, Any] | None = None
+    domain_permissions: list[str] = []
+    permissions: PermissionContextRead
+
+
+class AuthMeResponse(ApiModel):
+    user: AuthenticatedUser